Built so the board can trust it.
Your community's documents, financials, and resident communications are sensitive. Here's exactly how we protect them.
Data residency
All Manorway data lives in US-East AWS regions, operated by our infrastructure provider Supabase (SOC 2 Type II certified). Your community's data does not leave the United States. We do not transfer data to or process it through Europe, Asia, or any other region.
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted with the same standards. Your community's documents — CC&Rs, financial records, meeting minutes — are encrypted on disk and accessible only via authenticated requests scoped to your community.
Access controls
Manorway is multi-tenant by design. Row-level security (RLS) enforces that one community's data is never visible to another community, even by accident. Board members see board data; residents see resident data; vendors see only the work orders assigned to them. RLS is enforced at the database layer — not just the application layer — so a code bug in the app cannot expose data across communities.
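What database-layer enforcement looks like in PostgreSQL (the engine behind Supabase), as an added example that is not Manorway's own schema or code: every table, column, role and setting name below is hypothetical. The last query omits its tenant filter on purpose, the kind of application bug the paragraph above refers to.

```sql
-- Added illustration; every table, column, role and setting name is hypothetical.
CREATE TABLE work_orders (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    community_id uuid NOT NULL,
    vendor_id    uuid,
    description  text NOT NULL
);

-- Policies are ignored until RLS is enabled; FORCE also subjects the table owner.
ALTER TABLE work_orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE work_orders FORCE ROW LEVEL SECURITY;

-- Assumption: the API sets app.role / app.community_id / app.user_id per request
-- from the verified session. A missing or empty setting yields NULL, so the
-- comparison is never true and no rows match (fail closed).
CREATE POLICY board_same_community ON work_orders
    FOR ALL
    USING (current_setting('app.role', true) = 'board'
       AND community_id = NULLIF(current_setting('app.community_id', true), '')::uuid)
    WITH CHECK (current_setting('app.role', true) = 'board'
       AND community_id = NULLIF(current_setting('app.community_id', true), '')::uuid);

-- Permissive policies are OR-ed: a vendor session matches only this one.
CREATE POLICY vendor_assigned_only ON work_orders
    FOR SELECT
    USING (current_setting('app.role', true) = 'vendor'
       AND vendor_id = NULLIF(current_setting('app.user_id', true), '')::uuid);

-- Constructed sample rows; run this part as a superuser (superusers bypass RLS).
INSERT INTO work_orders (community_id, vendor_id, description) VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Gate repair'),
  ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Pool pump');

-- Switch to an unprivileged role (no SUPERUSER, no BYPASSRLS) to test isolation.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON work_orders TO app_user;
SET ROLE app_user;

-- Simulate a board member of the first community.
SET app.role = 'board';
SET app.community_id = '11111111-1111-1111-1111-111111111111';

-- Deliberately unfiltered query: the policy, not the SQL text, scopes the rows.
SELECT community_id, description FROM work_orders;
```

When reviewing a deployment like this, confirm that the role the application connects as has neither SUPERUSER nor BYPASSRLS, since both skip every policy.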
Authentication uses email-and-password or passwordless magic links. Two-factor authentication via authenticator app is available on request and will be the default for board roles in 2026.
AI guardrails
AI never acts alone. Manorway uses AI to summarize, draft, and surface insights — but every decision, communication, financial action, and legal action is reviewed and approved by a human before it happens. Specifically:
- AI never sends emails to residents on its own. The board (or your dedicated HOA expert on the Managed tier) reviews and approves every external communication.
- AI never approves a vendor invoice or moves money. Board sign-off is required for every payment.
- AI never enforces a violation autonomously. Notices are drafted and queued for board review.
- AI never modifies your governing documents. CC&R and bylaw edits require board approval and are versioned with full diff history.
We use OpenAI and Anthropic as model providers. Your community's data is sent to those providers only when required to generate a draft response or summary, and is never used to train their models. We have data-processing agreements in place with both vendors.
Audit trail
Every action — every login, every document edit, every approval, every AI-drafted message — is logged with a timestamp, the user who took the action, and the system component involved. Audit logs are retained for the lifetime of your subscription plus 7 years after termination, in line with typical HOA record-retention requirements. The board can search and export the audit trail at any time.
Subprocessors
We use the following vendors to operate Manorway. Each handles only the data necessary for their role:
- Supabase — database, authentication, edge function hosting (US-East)
- Vercel — website + application hosting (US-East)
- Stripe — billing and payments (PCI DSS Level 1)
- OpenAI — AI model provider for drafting and summarization
- Anthropic — AI model provider for governance-sensitive workflows
- SendGrid — transactional email delivery
- Twilio — SMS notifications (opt-in only)
- Microsoft Clarity — pseudonymized heatmaps and session replay on our marketing pages (helps us improve the site; never used on the board / resident application)
Incident response
If we detect a security incident affecting your community's data, we will notify the board within 72 hours of detection, in writing, with the scope of the incident and the steps we're taking to remediate it. Our incident response runbook is reviewed annually.
Compliance posture
Manorway operates under SOC 2 Trust Services Criteria across security, availability, processing integrity, confidentiality, and privacy controls. Our control documentation is reviewed annually by leadership. Formal SOC 2 Type II certification is on our 2027 roadmap. The infrastructure providers we build on — Supabase, Vercel, Stripe, OpenAI, and Anthropic — are all SOC 2 Type II certified today, so the platform you connect with is operating on already-audited foundations. We’re happy to share our control documentation with prospective communities under NDA. Email hello@manorwaygroup.com with “Security review” in the subject.
Questions or want a Data Processing Agreement?
Email hello@manorwaygroup.com with "Security review" in the subject line. We respond within one business day.